terraform icon indicating copy to clipboard operation
terraform copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Atlantis in ECS Fargate fails to get custom aws provider - ERROR: failed to get shared config profile

Open gatemken opened this issue 1 year ago • 3 comments

Terraform Version

Error running plan operation: running \"/home/atlantis/.atlantis/bin/terraform1.8.1 init -input=false -upgrade\" in \"/home/atlantis/.atlantis/repos/gsen/tftest/3/default/myrepotest/us-east-1/ecr/test\": exit status 1\n\nInitializing the backend...\n╷\n│ Error: failed to get shared config profile,

Terraform Configuration Files

provider.tf terraform { required_providers { aws = { source = "hashicorp/aws" } } } provider "aws" { profile = "my-test" region = "us-east-1" }

backend.tf terraform { required_version = ">= 0.12.2"

backend "s3" { region = "us-east-1" bucket = "" key = "" dynamodb_table = "" profile = "my-test" encrypt = "true" } }

Create any test resource in your main.tf

Debug Output

Works fine when ran locally

Expected Behavior

ECS fargate should be able to find the profiles listed in ~/.aws/config

Actual Behavior

ECS on FARGATE fails to read profiles in ~/.aws/config

Steps to Reproduce

Deploy atlantis in ecs fargate using the terraform-atlantis-ecs module setup gitlab or github webhooks create your backend.tf and provider.tf and make sure profile are set. i.e provider "aws" { profile = "my-test" region = "us-east-1" }

Removing profile = "my-test" works. keeping it leads to an error

Additional Context

Note: everything works if i don't specific a profile. For our use case, we need to be able to run terraform code locally and with atlantis. Specifying a provider is a MUST.

References

No response

gatemken avatar May 10 '24 05:05 gatemken

Hi @gatemken,

You mention that removing the profile entry in the provider allows the configuration to work, but the error you presented indicates there was a problem with the backend configuration. Can you confirm which (or both) of the components is failing here?

Thanks!

jbardin avatar May 10 '24 15:05 jbardin

@jbardin it is both. Specifying the profile keyword in providers.tf or backend.tf causes that error. not specifying the profile flag leads to successful plan/apply.

This is my Dockerfile:

FROM ghcr.io/runatlantis/atlantis:latest COPY aws_config /home/atlantis/.aws/config

cat aws_config [profile my-test] role_arn = arn:aws:iam::account-id:role/my-aws-admin-role credential_source = EcsContainer

terraform version 1.8.1 runs on the ecs container by atlantis.

I have try setting ENV in the ecs container and in the docker container but it still fails. you should be able to reproduce the issue.

FYI: This works perfectly fine, if i deploy atlantis on EC2 instance.

gatemken avatar May 10 '24 17:05 gatemken

I need this to work on EC2 Fargate not EC2 Instance. I would appreciate it if someone can reproduce the issue and work out a possible fix or workaround

gatemken avatar May 10 '24 17:05 gatemken

This issue can be closed

gatemken avatar May 21 '24 12:05 gatemken

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Jun 21 '24 02:06 github-actions[bot]